projects/uloganalyzer/uloganalyzer.cpp

#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <vector>
#include <iomanip>
#include <GeoIP.h>


using namespace std;
GeoIP* gi = 0;
bool lookup = false;

vector<string>  getTokens(const string& str){
        string buf;  
        stringstream ss(str);  
        vector<string> tokens;  
        while (ss >> buf)
           tokens.push_back(buf);
        return tokens;
}

void lookupIP(const string& ip) {
        if (!lookup)
                return;
        const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());

        if (cc)
                cout << setw(3) << cc << " ";
        else
                cout << setw(3) << "n/a ";

}

void analyseWord(const string& word) {
        int delim = word.find("=");

        if (delim == -1) //delimiter not found;
                return;
        string key = word.substr(0,delim);
        string val = word.substr(delim+1, 1024); // the rest

        if (key == "SRC") {
                cout << setw(15) << left << val << " ";
                lookupIP(val);
        }

        if (key == "DST")
                cout << setw(15) << left << val << " ";

        if (key == "PROTO")
                cout << val << " ";

        if (key == "SPT")
                cout << setw(5) << right << val << " ";

        if (key == "DPT")
                cout << setw(6) << right << val << " ";
}

void analyseLine(string line) {
        vector<string> words = getTokens(line);

        //print date and time
        cout << words[0] << " " << words[1] << " " << words[2] << " ";
        for (unsigned i=3; i<words.size(); i++) {
                analyseWord(words[i]);
        }


        cout << endl;   
}


void printUsage() {
        cout << "Usage: analyser [-l] <logfile>" << endl;
        cout << "Options:" << endl;
        cout << "  -l : geoip lookup on source IP adresses" << endl;
}

int main(int argc, char** argv)
{
        if (argc < 2) {
                printUsage();
                return 1;
        }

        string file = "";

        if (string(argv[1]) == "-l") {
                if (argc != 3) {
                        printUsage();
                        return 1;
                }

                file = argv[2];
                lookup = true;
        } else {
                file = argv[1];
        }


        ifstream in(file.c_str());

        if (!in) {
                cout << "Could not open " << file << endl;
                return 1;
        }


        if (lookup){
                gi = GeoIP_new(GEOIP_STANDARD); 
        }

        char buffer[1024];

        while (!in.eof()) {
                in.getline(buffer,1024);
                if (buffer[0] == 0)
                        continue; //empty line 
                analyseLine(buffer);
        }

        if (lookup) {
                GeoIP_delete(gi);
        }

        return 0;
}
1	torben	116	#include <iostream>
2			#include <fstream>
3			#include <string>
4			#include <sstream>
5			#include <vector>
6			#include <iomanip>
7			#include <GeoIP.h>
8
9
10			using namespace std;
11			GeoIP* gi = 0;
12			bool lookup = false;
13
14			vector<string> getTokens(const string& str){
15			string buf;
16			stringstream ss(str);
17			vector<string> tokens;
18			while (ss >> buf)
19			tokens.push_back(buf);
20			return tokens;
21			}
22
23			void lookupIP(const string& ip) {
24			if (!lookup)
25			return;
26			const char* cc = GeoIP_country_code_by_addr(gi, ip.c_str());
27
28			if (cc)
29			cout << setw(3) << cc << " ";
30			else
31			cout << setw(3) << "n/a ";
32
33			}
34
35			void analyseWord(const string& word) {
36			int delim = word.find("=");
37
38			if (delim == -1) //delimiter not found;
39			return;
40			string key = word.substr(0,delim);
41			string val = word.substr(delim+1, 1024); // the rest
42
43			if (key == "SRC") {
44			cout << setw(15) << left << val << " ";
45			lookupIP(val);
46			}
47
48			if (key == "DST")
49			cout << setw(15) << left << val << " ";
50
51			if (key == "PROTO")
52			cout << val << " ";
53
54			if (key == "SPT")
55			cout << setw(5) << right << val << " ";
56
57			if (key == "DPT")
58			cout << setw(6) << right << val << " ";
59			}
60
61			void analyseLine(string line) {
62			vector<string> words = getTokens(line);
63
64			//print date and time
65			cout << words[0] << " " << words[1] << " " << words[2] << " ";
66			for (unsigned i=3; i<words.size(); i++) {
67			analyseWord(words[i]);
68			}
69
70
71			cout << endl;
72			}
73
74
75			void printUsage() {
76			cout << "Usage: analyser [-l] <logfile>" << endl;
77			cout << "Options:" << endl;
78			cout << " -l : geoip lookup on source IP adresses" << endl;
79			}
80
81			int main(int argc, char** argv)
82			{
83			if (argc < 2) {
84			printUsage();
85			return 1;
86			}
87
88			string file = "";
89
90			if (string(argv[1]) == "-l") {
91			if (argc != 3) {
92			printUsage();
93			return 1;
94			}
95
96			file = argv[2];
97			lookup = true;
98			} else {
99			file = argv[1];
100			}
101
102
103			ifstream in(file.c_str());
104
105			if (!in) {
106			cout << "Could not open " << file << endl;
107			return 1;
108			}
109
110
111			if (lookup){
112			gi = GeoIP_new(GEOIP_STANDARD);
113			}
114
115	torben	122	char buffer[1024];
116
117	torben	116	while (!in.eof()) {
118			in.getline(buffer,1024);
119			if (buffer[0] == 0)
120			continue; //empty line
121			analyseLine(buffer);
122			}
123
124			if (lookup) {
125	torben	122	GeoIP_delete(gi);
126	torben	116	}
127
128			return 0;
129			}